Thousands of Android Devices Shipped with their Debug Port Exposed

The issue dates back to February, but appeared again last week

An old Android bug, ADB.Miner, which was originally spotted by Qihoo360 Netlab back in February, is finding new life thanks to a vendor oversight.

The bug, or more specifically the worm, is a cryptocurrency miner that takes advantage of the Android Debug Bridge (ADB), a baked-in feature that allows the vendor to troubleshoot faulty devices.

Typically, on Android devices the ADB feature is disabled by default, meaning that a user would have to enable it manually during a USB connection. The problem is that some vendors are shipping Android devices with the feature still turned on.

What complicates this even more is that ADB also supports WiFi connections, which means that many device owners may not even realize that their phone is completely accessible to remote connections made via the ADB interface, which is typically reachable on TCP port 5555.

It gets better: because ADB is a troubleshooting mechanism, it grants access to some pretty powerful tools, including a Unix shell.

This is how the original worm, ADB.Miner, spread back in February. It would gain access to a device via ADB, use the Unix shell to install the miner, and then scan for new devices to infect.
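The spread pattern described above (a device reached over ADB that then scans for new devices) shows up in network flow logs. The following is an added example, not code from the original article or from the researchers it cites, that flags the pattern over constructed flow records; the record layout, the internal address ranges and the fan-out threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

ADB_PORT = 5555        # TCP port the article names for ADB over the network
FANOUT_THRESHOLD = 5   # assumed: distinct port-5555 targets that count as scanning
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]  # assumed site ranges

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, accepted)
SAMPLE_FLOWS = [
    (50, "192.168.1.40", "192.168.1.20", 5555, True),    # workstation debugging one device
    (100, "203.0.113.7", "192.168.1.20", 5555, True),    # outside host reaches a device
    (120, "203.0.113.7", "192.168.1.50", 5555, False),   # same probe, blocked at the edge
    (150, "203.0.113.9", "192.168.1.30", 5555, True),    # second device reachable from outside
    (160, "192.168.1.30", "198.51.100.80", 443, True),   # unrelated traffic, ignored
] + [(200 + i, "192.168.1.20", f"198.51.100.{i}", 5555, False) for i in range(1, 7)]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def audit_adb_flows(flows, threshold=FANOUT_THRESHOLD):
    """Map internal host -> 'exposed', 'scanning' or 'exposed-then-scanning'."""
    exposed_at = {}                  # host -> time of first accepted external ADB connection
    fanout = defaultdict(set)        # host -> every port-5555 destination it contacted
    fanout_after = defaultdict(set)  # host -> destinations contacted after it was reached
    for ts, src, dst, port, accepted in sorted(flows):
        if port != ADB_PORT:
            continue
        if accepted and is_internal(dst) and not is_internal(src):
            exposed_at.setdefault(dst, ts)
        if is_internal(src):
            fanout[src].add(dst)
            if src in exposed_at:
                fanout_after[src].add(dst)
    findings = {}
    for host in set(exposed_at) | set(fanout):
        if len(fanout_after[host]) >= threshold:
            findings[host] = "exposed-then-scanning"   # matches the worm's spread pattern
        elif len(fanout[host]) >= threshold:
            findings[host] = "scanning"
        elif host in exposed_at:
            findings[host] = "exposed"
    return findings

if __name__ == "__main__":
    for host, finding in sorted(audit_adb_flows(SAMPLE_FLOWS).items()):
        print(host, finding)
```

A host reported as "exposed" has a reachable debug port but no scanning yet, so it is the one to fix first by turning ADB off or blocking the port at the network edge.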

Last week, in a post on Medium, researcher Kevin Beaumont reminded everyone about the original issue while warning that thousands of devices are currently exposed online, with the highest concentration in China.

In terms of raw numbers I can see nearly ten thousand unique IP addresses scanning in any 24 hour window, and over a hundred thousand IP addresses scanning each 30 days. It is worth keeping in mind that because of Network Address Translation and dynamic IP reservations it is difficult to know the exact number of devices. But it is safe to say: “a lot”.

That’s not good, and the average internet user isn’t going to know how to check whether their Debug port is exposed. Fortunately, we can help with that.

How to turn off Android Debug Bridge

You’re going to need to go into the developer tools and make sure that you’ve got ADB toggled off. For Android 4.2 and beyond, the Developer Tools are hidden. Here’s how to make them viewable.

Go to Settings

Select About phone

Tap the Build Number seven times

Return to the previous screen; Developer Tools should display at the bottom.

Author

Hashed Out's Editor-in-Chief started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. He also designs the visuals for Hashed Out and serves as the Content Manager for The SSL Store™.